Commit 20551552 authored by Jeremy Allison's avatar Jeremy Allison Committed by Gerald (Jerry) Carter

r1221: Added the last of the system keytab patch from "Dan Perry" <dperry@pppl.gov>,

fixed valgrind-detected memory corruption in libads/kerberos_keytab.c.
Jeremy.
(This used to be commit 286f4c809cb1532b3f8ae7ddf92349c68cc8ce31)
parent 94edc72c
+1 −1
@@ -225,7 +225,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
		DEBUG(3,("ads_keytab_add_entry: adding keytab entry for (%s) with encryption type (%d) and version (%d)\n",
			princ_s, enctypes[i], kt_entry.vno));
		ret = krb5_kt_add_entry(context, keytab, &kt_entry);
		krb5_free_keyblock(context, keyp);
		krb5_free_keyblock_contents(context, keyp);
		ZERO_STRUCT(kt_entry);
		if (ret) {
			DEBUG(1,("ads_keytab_add_entry: adding entry to keytab failed (%s)\n", error_message(ret)));
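Review bot: The switch to `krb5_free_keyblock_contents(context, keyp);` carries no comment saying why freeing the whole keyblock was wrong, and the reason is not visible in the hunk (presumably keyp points at a krb5_keyblock this function did not allocate on its own, e.g. one embedded in kt_entry, so the old call released the struct at the wrong level); a comment above the call such as `/* keyp is not a separately allocated keyblock: release only its key material, never the struct itself */` would keep the next maintainer from reverting the fix, with the exact ownership confirmed against where keyp is assigned. If kt_entry.key aliases that storage, releasing the contents before `ZERO_STRUCT(kt_entry);` is the correct order and worth stating in the same comment. ads_keytab_add_entry starts and ends outside the hunk.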
+194 −93
@@ -55,6 +55,8 @@ int net_ads_usage(int argc, const char **argv)
"\n\tperform a raw LDAP search and dump the results\n"
"\nnet ads dn"\
"\n\tperform a raw LDAP search and dump attributes of a particular DN\n"
"\nnet ads keytab"\
"\n\tcreates and updates the kerberos system keytab file\n"
		);
	return -1;
}
@@ -738,9 +740,9 @@ int net_ads_join(int argc, const char **argv)
			d_printf("Using the name [%s] from the server.\n", short_domain_name);
			d_printf("You should set \"workgroup = %s\" in smb.conf.\n", short_domain_name);
		}
	}
	else
	} else {
		short_domain_name = lp_workgroup();
	}
	
	d_printf("Using short domain name -- %s\n", short_domain_name);
	
@@ -769,12 +771,18 @@ int net_ads_join(int argc, const char **argv)
		return -1;
	}
	
	/* Now build the keytab, using the same ADS connection */
	if (lp_use_kerberos_keytab() && ads_keytab_create_default(ads)) {
		DEBUG(1,("Error creating host keytab!\n"));
	}

	d_printf("Joined '%s' to realm '%s'\n", global_myname(), ads->config.realm);

	SAFE_FREE(password);
	SAFE_FREE(machine_account);
	if ( ctx )
	if ( ctx ) {
		talloc_destroy(ctx);
	}
	return 0;
}

@@ -1015,14 +1023,13 @@ static int net_ads_password(int argc, const char **argv)
		return -1;
	}

    
	if (argc < 1) {
		d_printf("ERROR: You must say which username to change password for\n");
		return -1;
	}

	user = argv[0];
    if (!strchr(user, '@')) {
	if (!strchr_m(user, '@')) {
		asprintf(&c, "%s@%s", argv[0], lp_realm());
		user = c;
	}
@@ -1037,7 +1044,9 @@ static int net_ads_password(int argc, const char **argv)

	/* use the realm so we can eventually change passwords for users 
	in realms other than default */
    if (!(ads = ads_init(realm, NULL, NULL))) return -1;
	if (!(ads = ads_init(realm, NULL, NULL))) {
		return -1;
	}

	/* we don't actually need a full connect, but it's the easy way to
		fill in the KDC's addresss */
@@ -1070,12 +1079,11 @@ static int net_ads_password(int argc, const char **argv)
	return 0;
}


int net_ads_changetrustpw(int argc, const char **argv)
{    
	ADS_STRUCT *ads;
	char *host_principal;
    char *hostname;
	fstring my_fqdn;
	ADS_STATUS ret;

	if (!secrets_init()) {
@@ -1091,10 +1099,9 @@ int net_ads_changetrustpw(int argc, const char **argv)
		return -1;
	}

    hostname = strdup(global_myname());
    strlower_m(hostname);
    asprintf(&host_principal, "%s@%s", hostname, ads->config.realm);
    SAFE_FREE(hostname);
	name_to_fqdn(my_fqdn, global_myname());
	strlower_m(my_fqdn);
	asprintf(&host_principal, "%s@%s", my_fqdn, ads->config.realm);
	d_printf("Changing password for principal: HOST/%s\n", host_principal);

	ret = ads_change_trust_account_password(ads, host_principal);
@@ -1107,6 +1114,14 @@ int net_ads_changetrustpw(int argc, const char **argv)
	}
    
	d_printf("Password change for principal HOST/%s succeeded.\n", host_principal);

	if (lp_use_kerberos_keytab()) {
		d_printf("Attempting to update system keytab with new password.\n");
		if (ads_keytab_create_default(ads)) {
			d_printf("Failed to update system keytab.\n");
		}
	}

	ads_destroy(&ads);
	SAFE_FREE(host_principal);

@@ -1230,6 +1245,86 @@ static int net_ads_dn(int argc, const char **argv)
	return 0;
}

static int net_ads_keytab_usage(int argc, const char **argv)
{
	d_printf(
		"net ads keytab <COMMAND>\n"\
"<COMMAND> can be either:\n"\
"  CREATE    Creates a fresh keytab\n"\
"  ADD       Adds new service principal\n"\
"  FLUSH     Flushes out all keytab entries\n"\
"  HELP      Prints this help message\n"\
"The ADD command will take arguments, the other commands\n"\
"will not take any arguments.   The arguments given to ADD\n"\
"should be a list of principals to add.  For example, \n"\
"   net ads keytab add srv1 srv2\n"\
"will add principals for the services srv1 and srv2 to the\n"\
"system's keytab.\n"\
"\n"
		);
	return -1;
}

static int net_ads_keytab_flush(int argc, const char **argv)
{
	int ret;
	ADS_STRUCT *ads;

	if (!(ads = ads_startup())) {
		return -1;
	}
	ret = ads_keytab_flush(ads);
	ads_destroy(&ads);
	return ret;
}

static int net_ads_keytab_add(int argc, const char **argv)
{
	int i;
	int ret = 0;
	ADS_STRUCT *ads;

	d_printf("Processing principals to add...\n");
	if (!(ads = ads_startup())) {
		return -1;
	}
	for (i = 0; i < argc; i++) {
		ret |= ads_keytab_add_entry(ads, argv[i]);
	}
	ads_destroy(&ads);
	return ret;
}

static int net_ads_keytab_create(int argc, const char **argv)
{
	ADS_STRUCT *ads;
	int ret;

	if (!(ads = ads_startup())) {
		return -1;
	}
	ret = ads_keytab_create_default(ads);
	ads_destroy(&ads);
	return ret;
}

int net_ads_keytab(int argc, const char **argv)
{
	struct functable func[] = {
		{"CREATE", net_ads_keytab_create},
		{"ADD", net_ads_keytab_add},
		{"FLUSH", net_ads_keytab_flush},
		{"HELP", net_ads_keytab_usage},
		{NULL, NULL}
	};

	if (!lp_use_kerberos_keytab()) {
		d_printf("\nWarning: \"use kerberos keytab\" must be set to \"true\" in order to \
use keytab functions.\n");
	}

	return net_run_function(argc, argv, func, net_ads_keytab_usage);
}

int net_ads_help(int argc, const char **argv)
{
@@ -1269,6 +1364,7 @@ int net_ads(int argc, const char **argv)
		{"DN", net_ads_dn},
		{"WORKGROUP", net_ads_workgroup},
		{"LOOKUP", net_ads_lookup},
		{"KEYTAB", net_ads_keytab},
		{"HELP", net_ads_help},
		{NULL, NULL}
	};
@@ -1278,12 +1374,17 @@ int net_ads(int argc, const char **argv)

#else

static int net_ads_noads(void)
static int net_ads_noads(int argc, const char **argv)
{
	d_printf("ADS support not compiled in\n");
	return -1;
}

int net_ads_keytab(int argc, const char **argv)
{
	return net_ads_noads();
}

int net_ads_usage(int argc, const char **argv)
{
	return net_ads_noads();
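Review bot: In the net_ads_join hunk (`@@ -769,12 +771,18 @@`) a failure to build the host keytab during the join is reported only with `DEBUG(1,("Error creating host keytab!\n"));`, which is not shown at the default log level, so the administrator sees "Joined ... to realm ..." and does not learn that the keytab is missing; the net_ads_changetrustpw hunk reports the same failure with d_printf, and join should do likewise, `d_printf("Error creating host keytab!\n");`. In the net_ads_changetrustpw hunk the result of `asprintf(&host_principal, "%s@%s", my_fqdn, ads->config.realm);` is not checked, so on allocation failure host_principal is used uninitialized by the d_printf that follows; `if (asprintf(&host_principal, "%s@%s", my_fqdn, ads->config.realm) == -1) { ads_destroy(&ads); return -1; }` avoids that, and if name_to_fqdn can fail (not visible here) its return should be checked as well. In net_ads_keytab_add, ADD with no arguments prints "Processing principals to add...", opens an ADS connection and returns 0 having done nothing, although the usage text says ADD takes a list of principals; `if (argc < 1) { return net_ads_keytab_usage(argc, argv); }` before ads_startup() would match the documented contract. net_ads_join, net_ads_changetrustpw and net_ads_usage start or end outside their hunks.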